kdc: fix leak in previous commit

Don't zero output_token unless it was moved to PA-GSS padata.
Luke Howard
2021-08-15 15:51:05 +10:00
parent df9e74b292
commit a2538aeb38


@@ -41,8 +41,7 @@
#include "gss_preauth_authorizer_plugin.h" #include "gss_preauth_authorizer_plugin.h"
struct gss_client_params { struct gss_client_params {
OM_uint32 major_status; OM_uint32 major, minor;
OM_uint32 minor_status;
gss_ctx_id_t context_handle; gss_ctx_id_t context_handle;
gss_name_t initiator_name; gss_name_t initiator_name;
gss_OID mech_type; gss_OID mech_type;
@@ -217,7 +216,7 @@ _kdc_gss_rd_padata(astgs_request_t r,
goto out; goto out;
} }
gcp->major_status = GSS_S_NO_CONTEXT; gcp->major = GSS_S_NO_CONTEXT;
ret = pa_gss_get_context_state(r, gcp); ret = pa_gss_get_context_state(r, gcp);
if (ret) if (ret)
@@ -247,10 +246,10 @@ _kdc_gss_rd_padata(astgs_request_t r,
&gcp->lifetime, &gcp->lifetime,
NULL); /* delegated_cred_handle */ NULL); /* delegated_cred_handle */
gcp->major_status = major; gcp->major = major;
gcp->minor_status = minor; gcp->minor = minor;
if (GSS_ERROR(major)) { if (GSS_ERROR(gcp->major)) {
pa_gss_display_status(r, major, minor, gcp, pa_gss_display_status(r, major, minor, gcp,
"Failed to accept GSS security context"); "Failed to accept GSS security context");
ret = _krb5_gss_map_error(major, minor); ret = _krb5_gss_map_error(major, minor);
@@ -264,7 +263,7 @@ _kdc_gss_rd_padata(astgs_request_t r,
goto out; goto out;
} }
*open = (gcp->major_status == GSS_S_COMPLETE); *open = (gcp->major == GSS_S_COMPLETE);
out: out:
gss_release_cred(&minor, &cred); gss_release_cred(&minor, &cred);
@@ -575,7 +574,7 @@ _kdc_gss_mk_pa_reply(astgs_request_t r,
krb5_error_code ret; krb5_error_code ret;
const KDC_REQ *req = &r->req; const KDC_REQ *req = &r->req;
if (gcp->major_status == GSS_S_COMPLETE) { if (gcp->major == GSS_S_COMPLETE) {
krb5_enctype enctype; krb5_enctype enctype;
uint32_t kfe = 0; uint32_t kfe = 0;
krb5_keyblock *reply_key = NULL; krb5_keyblock *reply_key = NULL;
@@ -600,28 +599,28 @@ _kdc_gss_mk_pa_reply(astgs_request_t r,
krb5_free_keyblock_contents(r->context, &r->reply_key); krb5_free_keyblock_contents(r->context, &r->reply_key);
r->reply_key = *reply_key; r->reply_key = *reply_key;
free(reply_key); free(reply_key);
} else if (gcp->major_status == GSS_S_CONTINUE_NEEDED) { } else if (gcp->major == GSS_S_CONTINUE_NEEDED) {
ret = pa_gss_set_context_state(r, gcp); ret = pa_gss_set_context_state(r, gcp);
if (ret) if (ret)
goto out; goto out;
} }
/* only return padata in error case if we have an error token */ /* only return padata in error case if we have an error token */
if (!GSS_ERROR(gcp->major_status) || gcp->output_token.length) { if (!GSS_ERROR(gcp->major) || gcp->output_token.length) {
ret = krb5_padata_add(r->context, &r->outpadata, KRB5_PADATA_GSS, ret = krb5_padata_add(r->context, &r->outpadata, KRB5_PADATA_GSS,
gcp->output_token.value, gcp->output_token.length); gcp->output_token.value, gcp->output_token.length);
if (ret) if (ret)
goto out; goto out;
/* token is now owned by outpadata */
gcp->output_token.length = 0;
gcp->output_token.value = NULL;
} }
/* token is now owned by outpadata */ if (gcp->major == GSS_S_CONTINUE_NEEDED)
gcp->output_token.length = 0;
gcp->output_token.value = NULL;
if (gcp->major_status == GSS_S_CONTINUE_NEEDED)
ret = KRB5_KDC_ERR_MORE_PREAUTH_DATA_REQUIRED; ret = KRB5_KDC_ERR_MORE_PREAUTH_DATA_REQUIRED;
else else
ret = _krb5_gss_map_error(gcp->major_status, gcp->minor_status); ret = _krb5_gss_map_error(gcp->major, gcp->minor);
out: out:
return ret; return ret;
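Review bot: The relocated comment `/* token is now owned by outpadata */` in the last hunk of _kdc_gss_mk_pa_reply records the hand-over but not the other half of the contract: after the `goto out` on a failed krb5_padata_add() the token is still held by gcp and has to be released with it. Getting this wrong in one direction is the leak fixed here and in the other a double free, so I would state both halves, e.g. `/* outpadata now owns the token; clear it so releasing gcp cannot free it twice. On failure above gcp keeps it. */`. The code that releases gcp is outside the visible hunks, so it is worth confirming that it frees a non-empty output_token. As a point of style, the hunk at -247 now tests `GSS_ERROR(gcp->major)` while the next lines still pass the locals `major, minor` to pa_gss_display_status() and _krb5_gss_map_error(); one spelling throughout would read more easily.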